STPA-SafeSec: Safety and security analysis for cyber-physical systems
نویسندگان
چکیده
Cyber-physical systems tightly integrate physical processes and information and communication technologies. As today’s critical infrastructures, e.g., the power grid or water distribution networks, are complex cyber-physical systems, ensuring their safety and security becomes of paramount importance.Traditional safety analysis methods, such as HAZOP, are ill-suited to assess these systems. Furthermore, cybersecurity vulnerabilities are often not considered critical, because their effects on the physical processes are not fully understood. In this work, we present STPA-SafeSec, a novel analysis methodology for both safety and security. Its results show the dependencies between cybersecurity vulnerabilities and system safety. Using this information, the most effective mitigation strategies to ensure safety and security of the system can be readily identified. We apply STPA-SafeSec to a use case in the power grid domain, and highlight its benefits. © 2016 The Authors. Published by Elsevier Ltd. This is an open access article under the CC BY license (http://creativecommons.org/licenses/by/4.0/).
منابع مشابه
Towards Combined Safety and Security Constraints Analysis
A growing threat to the cyber-security of embedded safety-critical systems calls for a new look at the development methods for such systems. One alternative to address security and safety concerns jointly is to use the perspective of modeling using system theory. Systems-Theoretic Process Analysis (STPA) is a new hazard analysis technique based on an accident causality model. NIST SP 800-30 is ...
متن کاملSystems thinking for safety and security Citation
The fundamental challenge facing security professionals is preventing losses, be they operational, financial or mission losses. As a result, one could argue that security professionals share this challenge with safety professionals. Despite their shared challenge, there is little evidence that recent advances that enable one community to better prevent losses have been shared with the other for...
متن کاملتجزیه و تحلیل خطرات با استفاده از روش تجزیه و تحلیل فرایند تئوری سیستم (STPA): مطالعه موردی در سیستم های خاموش کننده اضطراری یک نیروگاه حرارتی تولید برق
Introduction: The weaknesses of traditional hazard analysis methods lead to their inefficiency to utilization for modern socio-technical systems. System Theoretic Process Analysis (STPA), which is in the category of systematic analysis methods, has a powerful logic to identify hazards in such systems,as a suitable alternative method. This study aimed to analyze hazards associated with extinguis...
متن کاملAligning Cyber-Physical System Safety and Security
Safety and security are two key properties of Cyber-Physical Systems (CPS). Safety is aimed at protecting the systems from accidental failures in order to avoid hazards, while security is focused on protecting the systems from intentional attacks. They share identical goals – protecting CPS from failing. When aligned within a CPS, safety and security work well together in providing a solid foun...
متن کاملModeling and Analysis of Safety-Critical Cyber Physical Systems using State/Event Fault Trees
Modern cyber physical systems (CPSs) are becoming more and more vulnerable to security related attacks, due to the growing number of interconnectivity and standardized communication channels. This evolution make the traditional approaches considering the safety and security domains as two disjunctive areas obsolete. In this paper we propose state/event fault tree for modeling and analyzing the ...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- J. Inf. Sec. Appl.
دوره 34 شماره
صفحات -
تاریخ انتشار 2017